Bridge Mode and Passthrough - Why are they used and what are the differences?
Bridge Mode and Passthrough - Why are they used and what are the differences?
Misuse of terms
Before we get started, it's important to note that the misuse of these terms is common with Comcast and Spectrum.
Comcast and Spectrum often refer to Passthrough mode when what they really mean is a certain configuration of the modem's settings to remove all restrictions on inbound and outbound traffic for the Public IP subnet. They typically are correct in their use of Bridge mode.
Important Related Articles
- What are bridge and passthrough modes?
- What are differences between gateway and router?
- What is Network Address Translation (NAT)?
Bridge Mode
The ISP gateway is configured to allow its Public dynamically assigned IP address to be used on a customer owned managed Firewall or Router. By enabling the bridge mode, router function (layer 3) is essentially disabled and the gateway functions as a modem (layer 2).
- Used only with Dynamically assigned Public IP addresses
- DHCP will deliver ONE public IP from the modem/gateway to the client's Firewall or Router
- Zero filtering on inbound and outbound traffic
- ISP Gateway cannot be remotely accessed by their support team unless it is reset to factory defaults
- Incompatible with Local IP assignment via DHCP
- Incompatible with Public Static IP
This is NOT a recommended configuration. If the ISP replaces the modem, we may lose access to the Firewall. Some of our clients do have this configuration along with a DDNS setup. If the client has a WatchGuard firewall, we should either move them to a static IP or cloud management so Bridge Mode can be disabled.
IP Pass-through / Passthrough
Used to pass a Static Public IP address to a customer owned managed Firewall or Router. IP pass-through works essentially the same as the bridged mode where customer can use their own router behind the ISP-provided gateway.
- Used only with Statically assigned Public IP addresses
- DHCP will deliver ONE public IP from the modem/gateway to the client's Firewall or Router
- Filtering of traffic by the ISP gateway is possible and their firewall should be fully disabled for the Public IP subnet
- Can be compatible with Local IP assignment via DHCP
- Allows the ISP to connect to the gateway for updates and troubleshooting
Related Articles
Speed Issues and Speed Test Best Practice
Use a remote session or have the customer navigate to one of the links below depending on the connection type. Test speed for cable or DSL connections by using www.speedtest.net For AT&T fiber test using https://www.att.com/support/speedtest/ ...USB C Video Output and Dock Compatibility
USB C Video Output: To support video output via USB C, the host device must support Power Delivery and DisplayPort Alt Mode or USB-C 3.1 (generation 1 or 2) To support 4K@60Hz, your laptop must support DisplayPort 1.4. USB Hubs and Display Link for ...Outlook Calendar Sharing and Permissions
Outlook Calendar Sharing and Permissions Video Calendar Permission Levels Can view when I'm busy - People you share with can only see the times you've blocked out as busy. Can view titles and locations - People you share with can see the titles and ...Set your Default Printer in Windows 10
In Windows, you can change your Default Printer in two locations: Windows Settings 1. Click Start: 2. Click Settings: 3. Click Devices: 4. Click Printers & Scanners 5. Choose the printer you want to be your default by clicking it in the list, then ...Proofpoint Security Notice - FAQ
Dear Team Members: This information is time sensitive and important – please review this information carefully. We have deployed an additional layer of protection to your company email called Proofpoint Essentials. This is a secure email gateway that ...